How to Complete a Review of Your Information Governance Policies

Information Governance policies play a pivotal role in an organisation's Information Governance (IG) framework and management. All organisations and businesses throughout the country should be striving to achieve a robust and structured IG framework, and ensure that their employees are following the rules and regulations of IG policies at all times. This is particularly important for healthcare organisations. The Department of Health has an online tool known as the Information Governance Toolkit. This tool should be used annually by all NHS trusts, all private or independent healthcare organisations, charities or voluntary agencies who work with individuals who access healthcare services, and any organisation that processes patient-level or confidential information on behalf of an NHS organisation. That's a long list of companies! How well an organisation scores against the Information Governance Toolkit will help others decide upon whether or not they want to use their services. It is often a mandatory part of any contract with an NHS body, that a company has passed the Information Governance Toolkit Assessment each year.

In order to pass this toolkit assessment, an organisation, company or business must ensure that its IG policies are all up to date. This means reviewing them and formally updating them on an annual basis. Different organisations will have a slightly different list of policies that they consider to be 'Information Governance-related'. However, all should have the following crucial policies:

- Information and Security

- Risk Management and Assessment

- Lifecycle Management

- Records Management

- Information Governance

- Confidentiality Code of Practice

- Information Sharing Policy

- Data Protection Policy

To ensure that some of the key performance areas of the Information Governance Toolkit can be signed off successfully each year, all of the above policies should be reviewed annually.

So, how do you go about completing a review of these policies? There are a number of useful stages for successful policy review listed below:

1. Decide internally who the most appropriate individuals would be to review each of the policies listed. This might be the same group of individuals for each policy, or it may be that you want to break the policies into groups, with different individuals reviewing each group.

2. Task a member of the review group(s) with the job of searching for updated guidance on each of the policy areas. This individual would be responsible for checking to see if there has been any legal updates or information released over the past year that need to be reflected within the company's IG policy documentation.

3. Ensure each review group member has read through the policies that need to be updated. Each individual should make a note of any changes that they think should be made to the policy. The type of changes that should be considered include; language changes (spelling, grammar, etc), changes to named lead individuals if the organisation structure has changed, process amendments, references to external documentation.

4. Each change proposed should be considered by the entire group and either accepted or declined.

5. Once all proposed changes have been agreed upon, the policy should be amended accordingly.

6. Don't forget to update the date of the policy and to re-circulate it to staff.